Packed.Win32.Katusha.n

Yesterday I clicked on a folder on my desktop and I got a ZA popup that said that it had found Packed.Win32.Katusha.n and quarantined it. I was surprised that it said this was found in a McAfee rootkit detective program (Rootkit_Detective.exe) that I ran once about 3 years ago and is in a zip archive. When I ask for more information on it, the Kaspersky search says no matching records.

I saw today where there is another file quarantined by ZA, which is a system restore file, also tagged as having Packed.Win32.Katusha.n.

What should I do now? I still have the zipped archive of the file it alerted on, so should I send it in to Kaspersky for analysis? Also, how do I get rid of all my old system restore points?

Re: Packed.Win32.Katusha.n

OK, I ran the file through VirusTotal and I am a little uncertain how to analyze the results. Here is what it said:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: 373ee3e147216a7e434ad2c5532d655f
Date first seen: 2007-01-20 17:35:58 (UTC)
Date last seen: 2010-03-19 15:52:53 (UTC)
Detection ratio: 1/42

Re: Packed.Win32.Katusha.n

I have my update set to auto every 12 hours and I do see it updating, but I am not sure if it actually completes. The reason I say that is because a couple of days ago I tried a manual update and it downloaded but it gave me an error and said it couldn't update. I assumed this meant it was already up to date and I had intended to pursue it further when I found the time. I am currently showing anti virus engine 8.0.2.48, DAT file version 1031940992. I am not sure if this is the most current and I briefly looked on the ZA site without luck to see which is the most current. I will continue looking.

I am not sure what you mean by asking to re-scan. Yesterday I did a "Deep Scan" of the entire PC and it did not detect the virus again. I looked at the scan settings, but I didn't see a way to "base your result on past scans". I have no exceptions listed in the advanced scanning options.

I am not certain what quarantine means since the original file is still on my drive in the same place it was found. It is still inside the zip archive, which is what I submitted to VirusTotal. I assumed VirusTotal would look at all the contents of a zip archive, but if not, do I need to unzip the executable inside before I submit? I don't want to unzip it for fear of unleashing something and I eventually intend to delete the file off my drive.